Re: Contribution: Active Directory Password Cache (ITS#5042)

s.hetze@linux-ag.de wrote:
> Renaming the variables is no problem. What would you say extpwc stands
> for?
EXT ernal P ass W ord C ache?
> I can imagine to call the module krb5pwc and head the README
> "Kerberos V/Active Directory Password Cache"
Right; but, this would limit yourself to Kerberos V; see my other
posting about rather delegating auth to SASL.
>> Well, that could be a parameter that is provided through the
>> configuration (caching TTL, optional negative caching TTL, and so). It
>> doesn't need to be stored in the entry, or in a subentry, since dynamic
>> configuration would allow to modify it run-time anyway.
>>
>
> If I understand it correct, you suggest to let the cached password
> expire after some configurable time. To achieve this, I would need to
> keep a timestamp when the password was cached.
> Is there any other way than to add an attribute holding this timestamp?
> ...
> Actually, I could make this feature depend on the {ad|krb5}pw-cache-mode=any
> and use the sambaPwdLastSet attribute.
Right; I think a specific operational attribute would be better.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------